Re: Subject: Re: ext3 to include capabilities?

David Ford (
Fri, 2 Apr 1999 19:39:06 -0800 (PST)

It's not really just about editing the password file though, is it?
After all, if I have write access to all of root's other files, I can just
make a cron job that dumps in an extra user to /etc/passwd, or any number
of other possibilities... adding a capability for filesystem access to
root's files would likely be more useful than just CAP_EDIT_PASSWD.

tani hosokawa
river styx internet

On Sat, 3 Apr 1999, Richard Gooch wrote:

> Meelis Roos writes: > > ADC> if(setuid){ > > ADC> if(root_owned && cap_header) use_cap_header(); > > ADC> else use_setuid_bit(); > > ADC> } > > > > But here root is still special. Somebody who has the permissions to > > create users may create a root user or change root's password and thus > > gain access to root and then to everything? > > The capability to create users is the capability to edit /etc/passwd. > That implies being able to create root users. This has nothing to do > with Albert's scheme. > > A correct administration tool which has CAP_EDIT_PASSWD will prevent > creating root users unless CAP_GOD is set.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at